Show filters
194 Total Results
Displaying 141-150 of 194
Sort by:
Attacker Value
Unknown
CVE-2006-6162
Disclosure Date: November 29, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
0
Attacker Value
Unknown
CVE-2006-6163
Disclosure Date: November 29, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters.
0
Attacker Value
Unknown
CVE-2006-5703
Disclosure Date: November 04, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements.
0
Attacker Value
Unknown
CVE-2006-5702
Disclosure Date: November 04, 2006 (last updated October 04, 2023)
Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages.
0
Attacker Value
Unknown
CVE-2006-4906
Disclosure Date: September 21, 2006 (last updated October 04, 2023)
SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter.
0
Attacker Value
Unknown
CVE-2006-4734
Disclosure Date: September 13, 2006 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.
0
Attacker Value
Unknown
CVE-2006-4602
Disclosure Date: September 07, 2006 (last updated October 04, 2023)
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
0
Attacker Value
Unknown
CVE-2006-4458
Disclosure Date: August 31, 2006 (last updated October 04, 2023)
Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter.
0
Attacker Value
Unknown
CVE-2006-4299
Disclosure Date: August 23, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
0
Attacker Value
Unknown
CVE-2006-3237
Disclosure Date: June 27, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.
0
